PT-2025-46607 · Linux+3 · Linux Kernel+3

Published 2025-09-19 · Updated 2026-03-13 · CVE-2025-40132

CVSS v2.0 5.5 Medium

Vector AV:A/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the ASoC (Audio Subsystem on Chip) Intel sof_sdw component. Specifically, the create_sdw_dailink() function does not verify that the add_sidecar callback is non-NULL before calling it. If a codec lacking this callback is present on the same link, the call jumps to a NULL address, potentially causing a system crash or other undefined behavior. The issue arises from an assumption that all codecs on a link will have an add_sidecar callback when include_sidecar is true.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
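
The missing check from the description, modelled in user-space C as an added example (not the kernel's sof_sdw source and not code from this advisory). Only the names add_sidecar and include_sidecar come from the description; the structs, the callback signature and the sample link are constructed for illustration.

```c
/* Simplified model; every name except add_sidecar and include_sidecar is hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct codec_info {
    const char *name;
    int (*add_sidecar)(int *num_devs);  /* optional callback: may be NULL */
};

struct endpoint {
    const struct codec_info *codec_info;
    int include_sidecar;                /* decided for the link, not per codec */
};

static int amp_add_sidecar(int *num_devs) { (*num_devs)++; return 0; }

/* Constructed sample link: one codec with the callback, one without it. */
static const struct codec_info amp  = { "amp-with-sidecar", amp_add_sidecar };
static const struct codec_info jack = { "jack-no-sidecar", NULL };
static const struct endpoint sample_link[] = { { &amp, 1 }, { &jack, 1 } };

/* Guarded loop: the flag alone does not prove that the callback exists. */
int add_sidecars_checked(const struct endpoint *ends, size_t n, int *num_devs)
{
    for (size_t i = 0; i < n; i++) {
        const struct codec_info *ci = ends[i].codec_info;
        /* The flawed form tests only include_sidecar and then calls
         * ci->add_sidecar(), which is a jump to NULL for "jack". */
        if (ends[i].include_sidecar && ci->add_sidecar) {
            int ret = ci->add_sidecar(num_devs);
            if (ret)
                return ret;
        }
    }
    return 0;
}

/* Returns the number of sidecar devices added for the sample link. */
int run_sample(void)
{
    int num_devs = 0;
    if (add_sidecars_checked(sample_link, 2, &num_devs))
        return -1;
    return num_devs;
}

int main(void)
{
    printf("sidecar devices added: %d\n", run_sample());
    return 0;
}
```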

Exploit

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

BDU:2025-15302
CVE-2025-40132
OPENSUSE-SU-2025:20172-1
SUSE-SU-2026:0447-1
SUSE-SU-2026:0472-1
SUSE-SU-2026:0587-1
SUSE-SU-2026:20012-1
SUSE-SU-2026:20015-1
SUSE-SU-2026:20021-1
USN-8029-1
USN-8029-2
USN-8029-3
USN-8030-1
USN-8048-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu
Sof Sdw